Project

General

Profile

History

Wiki »

NetworkInfrastructure » History » Revision 156

Revision 155 (Denis 'GNUtoo' Carikli, 04/19/2023 11:03 PM) → Revision 156/163 (Denis 'GNUtoo' Carikli, 04/19/2023 11:03 PM) 

h1. Network Infrastructure 

 |_. What |_. Where |_. Access type | Who | Comments | 
 | "Redmine instance":https://redmine.replicant.us |/5. OSUOSL    | Redmine manager | * "Paul Kocialkowski":https://redmine.replicant.us/projects/replicant/wiki/People#Paul-Kocialkowski 
 * "Wolfgang Wiedmeyer":https://redmine.replicant.us/projects/replicant/wiki/People#Wolfgang-Wiedmeyer 
 * "GNUtoo":https://redmine.replicant.us/projects/replicant/wiki/People#Denis-GNUtoo-Carikli 
 * "Joonas Kylmälä":https://redmine.replicant.us/projects/replicant/wiki/People#Joonas-Kylmälä 
 * "Fil Bergamo":https://redmine.replicant.us/projects/replicant/wiki/People#Fil-Bergamo 
 * "Kurtis Hanna":https://redmine.replicant.us/projects/replicant/wiki/People#Kurtis-Hanna 
 * @dllud 
 * @GrimKriegor 
 * OSUOSL system administrators | Since we only have one project, OSUOSL put in a redirect from the main page of our Redmine instance to /project/replicant 
 OSUOSL keeps 2 weeks worth of backups for restoration purposes. | 
 | "Mailing list":https://lists.osuosl.org/mailman/listinfo/replicant | Mailing list administrator | * @dllud 
 * "GNUtoo":https://redmine.replicant.us/projects/replicant/wiki/People#Denis-GNUtoo-Carikli 
 * "Joonas Kylmälä":https://redmine.replicant.us/projects/replicant/wiki/People#Joonas-Kylmälä 
 * "Kurtis Hanna":https://redmine.replicant.us/projects/replicant/wiki/People#Kurtis-Hanna 
 * "Paul Kocialkowski":https://redmine.replicant.us/projects/replicant/wiki/People#Paul-Kocialkowski 
 * "Wolfgang Wiedmeyer":https://redmine.replicant.us/projects/replicant/wiki/People#Wolfgang-Wiedmeyer 
 * OSUOSL system administrators | OSUOSL keeps 2 weeks worth of backups for restoration purposes. | 
 | "Wordpress instance":https://blog.replicant.us/ | Wordpress administator | * "Paul Kocialkowski":https://redmine.replicant.us/projects/replicant/wiki/People#Paul-Kocialkowski 
 * "Wolfgang Wiedmeyer":https://redmine.replicant.us/projects/replicant/wiki/People#Wolfgang-Wiedmeyer 
 * "GNUtoo":https://redmine.replicant.us/projects/replicant/wiki/People#Denis-GNUtoo-Carikli 
 * "Joonas Kylmälä":https://redmine.replicant.us/projects/replicant/wiki/People#Joonas-Kylmälä 
 * "Fil Bergamo":https://redmine.replicant.us/projects/replicant/wiki/People#Fil-Bergamo 
 * "Kurtis Hanna":https://redmine.replicant.us/projects/replicant/wiki/People#Kurtis-Hanna 
 * @dllud 
 * OSUOSL system administrators 
 * Add your name here if you have access and want to be mentioned | This instance is auto-updated automatically with the help of a plugin. | 
 | "Releases":https://ftp-osl.osuosl.org/pub/replicant/ | SSH | * "Paul Kocialkowski":https://redmine.replicant.us/projects/replicant/wiki/People#Paul-Kocialkowski 
 * "Wolfgang Wiedmeyer":https://redmine.replicant.us/projects/replicant/wiki/People#Wolfgang-Wiedmeyer 
 * "GNUtoo":https://redmine.replicant.us/projects/replicant/wiki/People#Denis-GNUtoo-Carikli 
 * "Joonas Kylmälä":https://redmine.replicant.us/projects/replicant/wiki/People#Joonas-Kylmälä 
 * OSUOSL system administrators | We should not use too much space. | 
 | The replicant.us (mostly-static) front website |\2. None: there is an automatic hook managed by OSUOSL. | * "Source code":https://git.replicant.us/replicant/website/ 
 * Patches should be sent to the Replicant mailing list. 
 * There is a jenkins hook with a token to pull and deploy the website source code. | 
 | "Replicant Source code":https://git.replicant.us/ |/2. Virtual machine at FSF | SSH root access | * "Paul Kocialkowski":https://redmine.replicant.us/projects/replicant/wiki/People#Paul-Kocialkowski 
 * "GNUtoo":https://redmine.replicant.us/projects/replicant/wiki/People#Denis-GNUtoo-Carikli 
 * "Joonas Kylmälä":https://redmine.replicant.us/projects/replicant/wiki/People#Joonas-Kylmälä 
 * Several FSF system administrators 
 * FSF backup server 
 * FSF Ansible deployment server | Resources kindly offered by the FSF. 
 The git configuration has "some documentation":https://redmine.replicant.us/projects/replicant/wiki/ReplicantInfrastructure#git-hosting-infrastructure-on-this-machine . 
 Before handling SSH (root) access to this machine: 
 * Make sure that the person really needs it. 
 * Make sure that the person already contributed to Replicant. 
 * Ask one other person that has SSH access and/or the "SteeringCommittee":https://redmine.replicant.us/projects/replicant/wiki/SteeringCommittee to also agree on it. | 
 | "Private contact address":https://redmine.replicant.us/projects/replicant/wiki/PrivateContact | IMAP access | * "GNUtoo":https://redmine.replicant.us/projects/replicant/wiki/People#Denis-GNUtoo-Carikli 
 * "Joonas Kylmälä":https://redmine.replicant.us/projects/replicant/wiki/People#Joonas-Kylmälä 
 * "Fil Bergamo":https://redmine.replicant.us/projects/replicant/wiki/People#Fil-Bergamo 
 * "Kurtis Hanna":https://redmine.replicant.us/projects/replicant/wiki/People#Kurtis-Hanna 
 * @dllud 
 * @GrimKriegor | You can write to the contact address (all the members of "SteeringCommittee":https://redmine.replicant.us/projects/replicant/wiki/SteeringCommittee receive it) if for some reasons you need to receive it as well. | 
 |/2. #replicant IRC channel | Freenode | Channel operator | * "Paul Kocialkowski":https://redmine.replicant.us/projects/replicant/wiki/People#Paul-Kocialkowski 
 * "GNUtoo":https://redmine.replicant.us/projects/replicant/wiki/People#Denis-GNUtoo-Carikli 
 * "Joonas Kylmälä":https://redmine.replicant.us/projects/replicant/wiki/People#Joonas-Kylmälä 
 * "Kurtis Hanna":https://redmine.replicant.us/projects/replicant/wiki/People#Kurtis-Hanna | Quiet mode for unregistered users is disabled for the time being. If SPAM comes back use: @/mode #replicant +qe $~a *!*@gateway/web/*@ and @/mode #replicant +qe $~a *!*@gateway/shell/matrix.org/*@ to re-apply it. These commands whitelist users coming through web based IRC clients and via the Matrix.org IRC bridge. | 
 | OFTC | Channel operator | * "Kurtis Hanna":https://redmine.replicant.us/projects/replicant/wiki/People#Kurtis-Hanna 
 * @JeremyRand | Bridged with the Freenode IRC channel and #freenode_#replicant:matrix.org Matrix channel through the NCBridge bot operated by @JeremyRand | 
 | The replicant.us domain name | gandi.net | * Web inteface through gandi website 
 * The DNS entries are configured to use gandi's DNS server | * "Bradley Kuhn (administrative contact)":https://redmine.replicant.us/projects/replicant/wiki/People#Bradley-M-Kuhn : Can do everything (including designating the technical contact or transferring the domain)  
 * "GNUtoo (technical contact)":https://redmine.replicant.us/projects/replicant/wiki/People#Denis-GNUtoo-Carikli : can do DNS zone changes 
 * Other people? "Paul Kocialkowski":https://redmine.replicant.us/projects/replicant/wiki/People#Paul-Kocialkowski ? | | 
 | The replicant.us TLS certificate | Let's Encrypt | Access probably by controlling the respective domain name | * https://www.replicant.us: OSUOSL 
 * https://blog.replicant.us: OSUOSL 
 * https://redmine.replicant.us: OSUOSL 
 * https://git.replicant.us: ? | History: CA-cert -> GlobalSign -> LetsEncrypt | 
 | "Mastodon account":https://mamot.fr/@replicant | Administred by "La quadrature du net":https://en.wikipedia.org/wiki/La_Quadrature_du_Net | Account only | * TODO: ask the person who created the account 
 * The "Private contact address":https://redmine.replicant.us/projects/replicant/wiki/PrivateContact address was used as the mail    | See the [[Mastodon]] page for more details | 

 h2. OSUOSL 

 The OSUOSL is the "Oregon State University Open Source Lab":https://osuosl.org/. 

 Contact: 
 * They can be contacted on #osuosl on the Freenode IRC network 
 * They also have a 'support' mail address at osuosl.org 

 h2. Virtual machine in FSF's infrastructure 

 * The virtual machine is hosted in a server that is in their office or in a datacenter. 
 * Several FSF network administrator also have access to the virtual machine 

 Contact: 
 * The 'sysadmin' mail address at gnu.org 
 * The FSF system administrators can also be contacted on #fsfsys on the Freenode IRC network for more urgent matters 

 h3. Virtual machine specifications 

 See [[VMSpecifications]] for the VM specifications. 

 h3. Virtual machine backup policies 

 The virtual machine is backed up daily. The backup procedure excludes the following path at the time of writing: 
 <pre> 
 /dev 
 /proc 
 /tmp 
 /sys 
 /run 
 /mnt 
 /mnt0 
 /mnt1 
 /mnt2 
 /mnt3 
 /mnt4 
 /mnt5 
 /mnt6 
 /mnt7 
 /mnt8 
 /mnt9 
 /floppy/ 
 /cdrom/ 
 /media/ 
 /net/ 
 /var/spool/squid/ 
 /var/spool/squid3/ 
 /var/spool/squid3_bak/ 
 /var/spool/squid-tbd/ 
 /var/spool/squid*/ 
 /var/spool/django/ 
 /var/spool/exim/ 
 /var/cache/ 
 /srv/chroot/ 
 /t 
 /srv/to-tape 
 /var/lib/ceph/osd/ 
 /var/lib/apt/lists/ 
 /var/cache/apt/ 
 </pre> 

 h3. git hosting infrastructure on this machine 

 The source code is in /srv/git/git-data/repositories and is divided in several groups: 
 ** Replicant source code 
 ** LineageOS mirror 
 ** AOSP mirror 
 ** Various developers repositories 

 |_. function |_. software |_. documentation |_. comments | 
 | authorization | gitolite | "UpstrreamSourceCodeMirrors":https://redmine.replicant.us/projects/replicant/wiki/UpstrreamSourceCodeMirrors | | 
 | read access | * git:// -> git daemon 
 * ssh:// -> ssh daemon 
 * https:// -> ? (TODO: document the software/configuration) | | | 
 | web | cgit | "Cgit":https://redmine.replicant.us/projects/replicant/wiki/Cgit | | 

 h2. Gandi 

 * See https://en.wikipedia.org/wiki/Gandi for more details 

 h2. Freenode 

 h2. GDPR 

 * For GDPR related inquiries, you can write to the "PrivateContact":https://redmine.replicant.us/projects/replicant/wiki/PrivateContact mail address. 

 h2. TODO: 

 * Ask the OSUOSL about backup policies. 
 * Document public spaces like Freenode IRC channel. 
 * Do our own backup policies and do some backups ourselves. 
 * Contact the people that have some control of the resources above and ask for permission to mention them here 
 * Fill the gaps (mentioned with '?') in this page 
 * Look what happens when an account is deleted 
 * Fix the related issues in the "tracker":https://redmine.replicant.us/projects/replicant/issues?utf8=%E2%9C%93&set_filter=1&f%5B%5D=status_id&op%5Bstatus_id%5D=o&f%5B%5D=category_id&op%5Bcategory_id%5D=%3D&v%5Bcategory_id%5D%5B%5D=57&f%5B%5D=&c%5B%5D=tracker&c%5B%5D=status&c%5B%5D=priority&c%5B%5D=subject&c%5B%5D=assigned_to&c%5B%5D=updated_on&c%5B%5D=category&c%5B%5D=cf_21&group_by=&t%5B%5D= 
 * Move the entries of this TODO list to the tracker when it makes sense 

 h1. Funding and legal entity 

 See the "SteeringCommittee":https://redmine.replicant.us/projects/replicant/wiki/SteeringCommittee for more details. 

 h1. Legal advise 

 Contact Zoë Kooyman at the FSF. 

 Note that Zoë Kooyman is not a lawyer but the FSF has lawyers. 

 h1. Documentation  

 The "replicant-infrastructure redmine project":https://redmine.replicant.us/projects/replicant-infrastructure has a "wiki":https://redmine.replicant.us/projects/replicant-infrastructure/wiki with more documentation in it.